UbuntuUpdates.org

Package "ghostscript"

Name: ghostscript

Description:

interpreter for the PostScript language and for PDF

Latest version: 9.26~dfsg+0-0ubuntu0.16.04.14
Release: xenial (16.04)
Level: security
Repository: main
Homepage: http://www.ghostscript.com/

Links


Download "ghostscript"


Other versions of "ghostscript" in Xenial

Repository Area Version
base main 9.18~dfsg~0-0ubuntu2
updates main 9.26~dfsg+0-0ubuntu0.16.04.14

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 9.26~dfsg+0-0ubuntu0.16.04.14 2021-01-07 16:07:10 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.16.04.14) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in opj_t1_encode_cblks
    - debian/patches/CVE-2018-5727.patch: fix UBSAN signed integer overflow
      in openjpeg/src/lib/openjp2/t1.c.
    - CVE-2018-5727
  * SECURITY UPDATE: heap overflow in opj_t1_clbl_decode_processor
    - debian/patches/CVE-2020-6851.patch: reject images whose
      coordinates are beyond INT_MAX in openjpeg/src/lib/openjp2/j2k.c.
    - CVE-2020-6851
  * SECURITY UPDATE: another heap overflow in opj_t1_clbl_decode_processor
    - debian/patches/CVE-2020-8112.patch: avoid integer overflow in
      openjpeg/src/lib/openjp2/tcd.c.
    - CVE-2020-8112
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2020-27814-1.patch: grow buffer size in
      openjpeg/src/lib/openjp2/tcd.c.
    - debian/patches/CVE-2020-27814-2.patch: grow it again
    - debian/patches/CVE-2020-27814-3.patch: and some more
    - debian/patches/CVE-2020-27814-4.patch: bigger, BIGGER!!!
    - CVE-2020-27814
  * SECURITY UPDATE: global-buffer-overflow
    - debian/patches/CVE-2020-27824.patch: avoid global buffer overflow on
      irreversible conversion when too many decomposition levels are
      specified in openjpeg/src/lib/openjp2/dwt.c.
    - CVE-2020-27824
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27841.patch: add extra checks to
      openjpeg/src/lib/openjp2/pi.c, openjpeg/src/lib/openjp2/pi.h,
      openjpeg/src/lib/openjp2/t2.c.
    - CVE-2020-27841
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2020-27842.patch: add check to
      openjpeg/src/lib/openjp2/t2.c.
    - CVE-2020-27842
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27843.patch: add check to
      openjpeg/src/lib/openjp2/t2.c.
    - CVE-2020-27843
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27845.patch: add extra checks to
      openjpeg/src/lib/openjp2/pi.c.
    - CVE-2020-27845

 -- Marc Deslauriers <email address hidden> Wed, 06 Jan 2021 12:44:08 -0500

Source diff to previous version
CVE-2018-5727 In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage thi
CVE-2020-6851 OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimen
CVE-2020-8112 opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different
CVE-2020-27824 global-buffer-overflow read in lib-openjp2
CVE-2020-27841 There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by t
CVE-2020-27842 There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg coul
CVE-2020-27843 A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encodin
CVE-2020-27845 There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conver

Version: 9.26~dfsg+0-0ubuntu0.16.04.13 2020-08-24 14:06:18 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.16.04.13) xenial-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-2020-16*.patch: backport multiple upstream commits
      to fix various security issues.
    - CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290,
      CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294,
      CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298,
      CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302,
      CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306,
      CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310,
      CVE-2020-17538

 -- Marc Deslauriers <email address hidden> Fri, 21 Aug 2020 13:16:34 -0400

Source diff to previous version
CVE-2020-16287 A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to caus
CVE-2020-16288 A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cau
CVE-2020-16289 A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a de
CVE-2020-16290 A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to caus
CVE-2020-16291 A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via
CVE-2020-16292 A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to ca
CVE-2020-16293 A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostS
CVE-2020-16294 A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a
CVE-2020-16295 A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to c
CVE-2020-16296 A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to ca
CVE-2020-16297 A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to
CVE-2020-16298 A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to
CVE-2020-16299 A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker t
CVE-2020-16300 A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause
CVE-2020-16301 A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause
CVE-2020-16302 A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to esca
CVE-2020-16303 A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker
CVE-2020-16304 A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to e
CVE-2020-16305 A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to ca
CVE-2020-16306 A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of se
CVE-2020-16307 A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker
CVE-2020-16308 A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a den
CVE-2020-16309 A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause
CVE-2020-16310 A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause
CVE-2020-17538 A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cau

Version: 9.26~dfsg+0-0ubuntu0.16.04.12 2019-11-14 18:06:33 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.16.04.12) xenial-security; urgency=medium

  * SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput when
    loading fonts
    - debian/patches/CVE-2019-14869.patch: remove use of .forceput in
      Resource/Init/gs_ttf.ps.
    - CVE-2019-14869

 -- Marc Deslauriers <email address hidden> Wed, 06 Nov 2019 10:46:55 -0500

Source diff to previous version
CVE-2019-14869 -dSAFER escape in .charkeys

Version: 9.26~dfsg+0-0ubuntu0.16.04.11 2019-08-29 02:06:21 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.16.04.11) xenial-security; urgency=medium

  * SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput
    Exposures
    - debian/patches/CVE-2019-14811-CVE-2019-14812-CVE-2019-14813.patch:
      Be more defensive by preventing access to .forceput from
      .setuserparams2.
    - CVE-2019-14811
    - CVE-2019-14812
    - CVE-2019-14813
    - debian/patches/CVE-2019-14817.patch: mark more uses of .forceput
      as execteonly
    - CVE-2019-14817

 -- Steve Beattie <email address hidden> Tue, 27 Aug 2019 22:43:23 -0700

Source diff to previous version

Version: 9.26~dfsg+0-0ubuntu0.16.04.10 2019-08-12 15:07:31 UTC

  ghostscript (9.26~dfsg+0-0ubuntu0.16.04.10) xenial-security; urgency=medium

  * SECURITY UPDATE: `-dSAFER` restrictions bypass
    - debian/patches/CVE-2019-10216.patch: protect use of .forceput
      with executeonly
    - CVE-2019-10216

 -- Steve Beattie <email address hidden> Thu, 08 Aug 2019 21:25:51 -0700

CVE-2019-10216 -dSAFER escape via .buildfont1



About   -   Send Feedback to @ubuntu_updates